| Ash Wilson | 70dfe0c | 2014-08-28 13:57:09 -0400 | [diff] [blame] | 1 | package gophercloud |
| 2 | |
| Ash Wilson | 730a506 | 2014-10-31 15:13:35 -0400 | [diff] [blame] | 3 | /* |
| Jon Perritt | db0ae14 | 2016-03-13 00:33:41 -0600 | [diff] [blame] | 4 | type AuthOptionsBuilder interface { |
| 5 | ToTokenCreateMap() (map[string]interface{}, error) |
| 6 | } |
| 7 | */ |
| 8 | |
| 9 | /* |
| Ash Wilson | 730a506 | 2014-10-31 15:13:35 -0400 | [diff] [blame] | 10 | AuthOptions stores information needed to authenticate to an OpenStack cluster. |
| 11 | You can populate one manually, or use a provider's AuthOptionsFromEnv() function |
| 12 | to read relevant information from the standard environment variables. Pass one |
| 13 | to a provider's AuthenticatedClient function to authenticate and obtain a |
| 14 | ProviderClient representing an active session on that provider. |
| 15 | |
| 16 | Its fields are the union of those recognized by each identity implementation and |
| 17 | provider. |
| 18 | */ |
| Ash Wilson | 70dfe0c | 2014-08-28 13:57:09 -0400 | [diff] [blame] | 19 | type AuthOptions struct { |
| Jamie Hannaford | b280dea | 2014-10-24 15:14:06 +0200 | [diff] [blame] | 20 | // IdentityEndpoint specifies the HTTP endpoint that is required to work with |
| Ash Wilson | 730a506 | 2014-10-31 15:13:35 -0400 | [diff] [blame] | 21 | // the Identity API of the appropriate version. While it's ultimately needed by |
| 22 | // all of the identity services, it will often be populated by a provider-level |
| 23 | // function. |
| Jon Perritt | db0ae14 | 2016-03-13 00:33:41 -0600 | [diff] [blame] | 24 | IdentityEndpoint string `json:"-"` |
| Ash Wilson | 70dfe0c | 2014-08-28 13:57:09 -0400 | [diff] [blame] | 25 | |
| Jamie Hannaford | b280dea | 2014-10-24 15:14:06 +0200 | [diff] [blame] | 26 | // Username is required if using Identity V2 API. Consult with your provider's |
| 27 | // control panel to discover your account's username. In Identity V3, either |
| Ash Wilson | 730a506 | 2014-10-31 15:13:35 -0400 | [diff] [blame] | 28 | // UserID or a combination of Username and DomainID or DomainName are needed. |
| Jon Perritt | db0ae14 | 2016-03-13 00:33:41 -0600 | [diff] [blame] | 29 | Username string `json:"username,omitempty"` |
| 30 | UserID string `json:"id,omitempty"` |
| Ash Wilson | 70dfe0c | 2014-08-28 13:57:09 -0400 | [diff] [blame] | 31 | |
| Jon Perritt | db0ae14 | 2016-03-13 00:33:41 -0600 | [diff] [blame] | 32 | Password string `json:"password,omitempty"` |
| Ash Wilson | 70dfe0c | 2014-08-28 13:57:09 -0400 | [diff] [blame] | 33 | |
| Jamie Hannaford | b280dea | 2014-10-24 15:14:06 +0200 | [diff] [blame] | 34 | // At most one of DomainID and DomainName must be provided if using Username |
| 35 | // with Identity V3. Otherwise, either are optional. |
| Jon Perritt | db0ae14 | 2016-03-13 00:33:41 -0600 | [diff] [blame] | 36 | DomainID string `json:"id,omitempty"` |
| 37 | DomainName string `json:"name,omitempty"` |
| Ash Wilson | 70dfe0c | 2014-08-28 13:57:09 -0400 | [diff] [blame] | 38 | |
| 39 | // The TenantID and TenantName fields are optional for the Identity V2 API. |
| 40 | // Some providers allow you to specify a TenantName instead of the TenantId. |
| Ash Wilson | 730a506 | 2014-10-31 15:13:35 -0400 | [diff] [blame] | 41 | // Some require both. Your provider's authentication policies will determine |
| Ash Wilson | 70dfe0c | 2014-08-28 13:57:09 -0400 | [diff] [blame] | 42 | // how these fields influence authentication. |
| Jon Perritt | db0ae14 | 2016-03-13 00:33:41 -0600 | [diff] [blame] | 43 | TenantID string `json:"tenantId,omitempty"` |
| 44 | TenantName string `json:"tenantName,omitempty"` |
| Ash Wilson | 70dfe0c | 2014-08-28 13:57:09 -0400 | [diff] [blame] | 45 | |
| 46 | // AllowReauth should be set to true if you grant permission for Gophercloud to |
| 47 | // cache your credentials in memory, and to allow Gophercloud to attempt to |
| 48 | // re-authenticate automatically if/when your token expires. If you set it to |
| 49 | // false, it will not cache these settings, but re-authentication will not be |
| 50 | // possible. This setting defaults to false. |
| Jon Perritt | db0ae14 | 2016-03-13 00:33:41 -0600 | [diff] [blame] | 51 | AllowReauth bool `json:"-"` |
| jrperritt | 95b74c8 | 2015-07-28 20:39:27 -0600 | [diff] [blame] | 52 | |
| jrperritt | 1f218c8 | 2015-07-29 08:54:18 -0600 | [diff] [blame] | 53 | // TokenID allows users to authenticate (possibly as another user) with an |
| 54 | // authentication token ID. |
| 55 | TokenID string |
| Ash Wilson | 70dfe0c | 2014-08-28 13:57:09 -0400 | [diff] [blame] | 56 | } |
| Jon Perritt | db0ae14 | 2016-03-13 00:33:41 -0600 | [diff] [blame] | 57 | |
| 58 | // ToTokenV2CreateMap allows AuthOptions to satisfy the AuthOptionsBuilder |
| 59 | // interface in the v2 tokens package |
| 60 | func (opts AuthOptions) ToTokenV2CreateMap() (map[string]interface{}, error) { |
| 61 | v2Opts := AuthOptionsV2{ |
| 62 | PasswordCredentials: &PasswordCredentialsV2{ |
| 63 | Username: opts.Username, |
| 64 | Password: opts.Password, |
| 65 | }, |
| 66 | TenantID: opts.TenantID, |
| 67 | TenantName: opts.TenantName, |
| 68 | TokenCredentials: &TokenCredentialsV2{ |
| 69 | ID: opts.TokenID, |
| 70 | }, |
| 71 | } |
| 72 | |
| 73 | b, err := BuildRequestBody(v2Opts, "auth") |
| 74 | if err != nil { |
| 75 | return nil, err |
| 76 | } |
| 77 | /* |
| 78 | if opts.TokenID == "" { |
| 79 | delete(b["auth"].(map[string]interface{}), "token") |
| 80 | return b, nil |
| 81 | } |
| 82 | |
| 83 | delete(b["auth"].(map[string]interface{}), "passwordCredentials")*/ |
| 84 | return b, nil |
| 85 | } |
| 86 | |
| 87 | func (opts AuthOptions) ToTokenV3CreateMap(scope *ScopeOptsV3) (map[string]interface{}, error) { |
| 88 | var methods []string |
| 89 | if opts.TokenID != "" { |
| 90 | methods = []string{"token"} |
| 91 | } else { |
| 92 | methods = []string{"password"} |
| 93 | } |
| 94 | |
| 95 | v3Opts := AuthOptionsV3{ |
| 96 | Identity: &IdentityCredentialsV3{ |
| 97 | Methods: methods, |
| 98 | PasswordCredentials: &PasswordCredentialsV3{ |
| 99 | User: &UserV3{ |
| 100 | ID: opts.UserID, |
| 101 | Name: opts.Username, |
| 102 | Password: opts.Password, |
| 103 | Domain: &DomainV3{ |
| 104 | ID: opts.DomainID, |
| 105 | Name: opts.DomainName, |
| 106 | }, |
| 107 | }, |
| 108 | }, |
| 109 | TokenCredentials: &TokenCredentialsV3{ |
| 110 | ID: opts.TokenID, |
| 111 | }, |
| 112 | }, |
| 113 | } |
| 114 | |
| 115 | if scope != nil { |
| 116 | v3Opts.Scope = &ScopeV3{ |
| 117 | Domain: &ScopeDomainV3{ |
| 118 | ID: scope.DomainID, |
| 119 | Name: scope.DomainName, |
| 120 | }, |
| 121 | Project: &ScopeProjectV3{ |
| 122 | Domain: &ScopeProjectDomainV3{ |
| 123 | ID: scope.DomainID, |
| 124 | Name: scope.DomainName, |
| 125 | }, |
| 126 | ID: scope.ProjectID, |
| 127 | Name: scope.ProjectName, |
| 128 | }, |
| 129 | } |
| 130 | } |
| 131 | |
| 132 | b, err := BuildRequestBody(v3Opts, "auth") |
| 133 | if err != nil { |
| 134 | return nil, err |
| 135 | } |
| 136 | /* |
| 137 | if opts.TokenID == "" { |
| 138 | delete(b["auth"].(map[string]interface{}), "token") |
| 139 | return b, nil |
| 140 | } |
| 141 | |
| 142 | delete(b["auth"].(map[string]interface{}), "passwordCredentials")*/ |
| 143 | return b, nil |
| 144 | } |